Wednesday, 6 January 2016

Intune Enrollment Error: System policies prevent you from connecting to a work or school account.

I had some fun getting to the bottom of this error, and I found some potential causes that might not be apparent. We had the Azure AD user account configured for Azure AD Join, and the user was not over the limit of devices they could enroll (default 5). We wanted to enroll the device into Intune using the following procedure. First, open the Settings menu from the Start menu.

Select Accounts.

Then select Work access and notice the error under Enroll in to device management.

What we did run into were two items that were generating the error.

Don't perform Azure AD Join with the default administrator account.

To enroll in Intune make sure the user performing Azure AD Join on the device is a local administrator.

Also make sure the machine is not domain joined, and when the user enrolls the device into Azure AD they do not become a local administrator unless they were one to begin with. If the proper conditions are met, the device enrollment dialog should have a plus sign to begin the enrollment process.
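The conditions above can be checked from the user's own session before opening Work access. The PowerShell below is an added example, not part of the original post; the function name `Test-EnrollmentPrerequisite` is hypothetical, and it only reads local state (it cannot check the Azure AD device limit).

```powershell
# Added example: pre-flight check for the conditions listed in this post.
# Test-EnrollmentPrerequisite is a hypothetical name, not a built-in cmdlet.
function Test-EnrollmentPrerequisite {
    [CmdletBinding()]
    param()

    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $userSid  = $identity.User.Value

    # Condition: the machine must not be domain joined.
    $computer     = Get-CimInstance -ClassName Win32_ComputerSystem
    $domainJoined = [bool]$computer.PartOfDomain

    # Condition: do not use the default administrator account.
    # The built-in local Administrator always has RID 500.
    $isBuiltInAdmin = $userSid -match '^S-1-5-21-.+-500$'

    # Condition: the user must be a local administrator.
    # whoami lists BUILTIN\Administrators (S-1-5-32-544) even when UAC has
    # filtered it to deny-only, so this also works from a non-elevated prompt.
    $groupLines   = & whoami.exe /groups /fo csv
    $isLocalAdmin = [bool]($groupLines -match '"S-1-5-32-544"')

    [pscustomobject]@{
        Check  = 'Machine is not domain joined'
        Passed = -not $domainJoined
        Detail = "Domain/Workgroup: $($computer.Domain)"
    }
    [pscustomobject]@{
        Check  = 'User is not the default administrator account'
        Passed = -not $isBuiltInAdmin
        Detail = "Signed in as $($identity.Name)"
    }
    [pscustomobject]@{
        Check  = 'User is a local administrator'
        Passed = $isLocalAdmin
        Detail = 'Membership of S-1-5-32-544 (BUILTIN\Administrators)'
    }
}

# Run as the user who will enroll the device; any row with Passed = False
# matches one of the causes described above.
Test-EnrollmentPrerequisite | Format-Table -AutoSize
```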

You will be asked to supply your Azure AD logon ID, then click Continue.

Enter your password, then click Sign in.

If two-factor authentication is set up, the following page will appear. Select Set it up now to continue.

In this example I set my country to Canada then configured the system to send me a text message to the phone number I have configured previously for two factor authentication. I will click Contact me to continue the verification process.

I will enter the security code sent to my cell phone, then click Verify.

Now that I am authenticated I can select Done to complete the process.

About this Blogger

Kevin Kaminski is a seasoned consultant with over 19 years’ experience focusing mainly on Microsoft technologies that range from device management to the data center. Using his experiences from different organizations large and small, he can draw upon practical knowledge that he incorporates into his speaking engagements, training materials, articles and consulting engagements. He currently is a Microsoft MVP for Windows and Devices for IT and has been a Microsoft MVP for Microsoft Application Virtualization (App-V) over the past six years.

Some of Kevin's current consulting engagements include the following roles: Windows 10 consultant with a local property development firm and Configuration Manager consultant with a local consulting company. In addition to his consulting engagements, Kevin spends time blogging and speaking at various technical conferences such as Briforum. Kevin is a past Director of the Calgary IT Pro Community Association and heads up the Calgary Systems Management User Group (a CIC special interest group).